Java vulnerability – is this plugin compliant?

  • Resolved jentech

    (@jentech)


    4 years, 5 months ago

    Hi, we have been alerted by Auth.net about a known vulnerability and instruictions to update client applications, is this plugin compliant? Here is the message:

    * * *

    We are aware of the vulnerability recently identified that affects websites or applications using Java, specifically the log4j versions 2.0 – 2.14.1. These versions primarily use the "jndi:" logging. ...

In order to mitigate additional vulnerabilities, you or your web developer or solution provider should switch any current log4j2.formatMsgNoLookups to a status of true by adding:"‐Dlog4j2.formatMsgNoLookups=True" to the JVM command used for starting the application.

Additionally, to help prevent the library being exploited, we urgently recommend that any Java Log4j versions are upgraded to log4j-2.15.0.

    * * *

    Is this plugin compliant with instructions above?

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • 3 Sons Development

    (@3sonsdevelopment)

    4 years, 5 months ago

    Hi @jentech,

    WooCommerce does not run on Java. You’ll find a good bit of JavaScript but despite the name, that does not have anything to do with the Java language.

    If you have any questions, let us know.

    Cheers

    Mirko P.

    (@rainfallnixfig)

    4 years, 4 months ago

    Hi there,

    We haven’t heard from you in a while, so I’m going to mark this as resolved. Feel free to start a new thread if you have any more questions.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Java vulnerability – is this plugin compliant?’ is closed to new replies.